What is Phishing? How can you Prevent it?

According to a survey, last year alone 94% of businesses reported that it had experienced a phishing attack.

Add to this that phishing attacks are one of the favourite routes into your business for a cyber-criminal. The majority of ransomware attacks start with a successful phishing attack.

So it makes sense that you as a business owner knows that a phishing attack is and how you can protect your business against them.

Not that type of Fishing

Now the type of phishing we’re talking about doesn’t begin with an F, but with a ph - but the term is actually taken from fishing itself.

Imagine the people inside of your business are those little fish swimming in the sea, and the hackers are the fishermen.

The hackers dangle their fishing rods into the water and hope that someone in your organization will take the bait.

Thankfully for the hackers, a lot of people do.

Our Most Recognisable Brands

The bait, in this case, isn’t food, but are emails designed so well that they tempt people to click on them.

Our most favourite and recognisable brands are used by the hackers to tempt us to click on the links.

The phishing email might be an email from Amazon offering you a free Amazon gift voucher. All you have to do is click on the link to claim it!

Or you might get an email from DHL telling us about a parcel that we’re expecting. In today’s online shopping world, we seem to be expecting parcels every day of the week.

But the most common brand used for phishing attacks is Microsoft.

Microsoft 365 is the most popular business IT system in the world with over 200million worldwide users. This makes it a prime target for phishing attacks.

It Will Happen to You

When we hear about these scams affecting other people, we also think that it won’t happen to us. We’d be able to easily spot an attack.

Can you remember phishing attacks years ago offering us $10,000,000 from a distant relative in a faraway country? I do. Rarely did people believe these.

But as we become more knowledgeable - the hackers get more sophisticated. The phishing attacks become more believable.

Businesses like yours are falling for these scams every single day

What happens during a Phishing Attack?

So someone in our business gets a phishing email. It’s from Microsoft and it tells them that their mailbox is full. Your employee knows that you use Microsoft for email and so why wouldn’t this be real?

They then click on the link, what happens next?

When someone clicks on a link in a phishing email, their computer could then be infected with malware. When the link is clicked, it might seem that nothing has happened or that the link is broken. So people just ignore it and carry on with their work.

But what is actually happening is malware is getting installed on the PC in the background. Malware such as ransomware commonly gets into your business through phishing attacks.

Another popular hack is to try and get you to hand over your information. Let’s stick with the example above; getting an email from Microsoft telling you that your mailbox is full.

When you click on the link it might take you to a bogus Microsoft 365 sign-in page. The page looks real, but it isn’t. You then go ahead and enter your email username and password.

What you’ve actually done is hand over your credentials to a cyber-criminal.

Either way, it’s bad news.

How to Prevent Phishing Attacks

So, there are three ways to prevent a phishing attack from affecting your organisation.

Firstly, how can we prevent these phishing attacks from reaching us in the first place?

Because if they’re not in our mailbox, then we can’t click on them.

Secondly, how can we prevent our employees from clicking on the links when they receive a phishing attack?

Finally, if someone clicks on the link, what can we do next?

Use a Robust Spam Filter

We’ve talked about Microsoft 365 and how popular it is in business. Microsoft 365 is the best email system that your business can use.

But the 365 email system needs extra protection. When used alone, it doesn’t have the capability to deal with these sophisticated emails attacks.

There are several products on the market that make your 365 more secure.

Microsoft has its own additional security product called Advanced Threat Protection (or ATP for short). There are also third-party products like Mimecast, Vade Secure and Email Laundry. All these are designed to keep these phishing emails out of your team's inboxes.

It’s well worth the small additional cost.

Cyber Security Training

In addition to email filters, one of the main ways to combat cyberattacks, in general, is to educate your employees. So few businesses currently do this.

Education is everything and your business should be regularly training its staff so you can become confident that they know what to look for.

A bogus Microsoft 365 login page looks identical to the real thing. When you train your staff, you can easily spot that it isn’t real.

If an email doesn’t look quite right, then it probably isn’t.

There is an excellent company called KnowBe4 that can be used so your team can have regular online Cyber Security training.

You have to invest in Cyber Security!

You’ve clicked a link, what next?

But what if someone has already clicked on a link? What do you do then?

Here are my 5 top tips to deal with this.

Don’t enter any details. If the link directs you to a page where you can enter your username and password for things like Office 365, Paypal or Amazon - don’t! Likewise, if the page is asking you for financial details - don’t enter them

Disconnect the computer from the internet immediately either by unplugging the network cable or turning off the WiFi.

At this point, it might be time to call your IT people who will need to run a full scan on your PC to see if any malware has been found

If you have got further and entered your details, then change them immediately. Cyber Criminals want access to your accounts!

Ensure that all of your files on the PC are backed up. Sometimes when recovering from a cyber attack you can lose sensitive data.

I hope you have found this blog useful.To get in touch, please use the contact us page.